NOC Slides

18/12/2009CMS Info Systems Pvt. Ltd.

Network Operation Center


Overview• Introduction• NOC Philosophy• Available Tools


Introduction • “A network operations center (or NOC, pronounced “nock”) is one or more locations from which

control is exercised over a computer, television broadcast, or telecommunications network.”


Functions of a NOC• Responsible for monitoring the network for alarms or adverse conditions (e.g. power failures, link

failure) • NOC staff analyze problems, troubleshooting, collaborate with other technicians on site.• NOC tracks issues/problems until they are resolved. • Problems not solved within a specified time frame can be escalated to the appropriate personnel.• Standard Operating Procedures exists that detail how to remedy issues/problems.


NOC Philosophy• Automate everything• Document everything• Communicate as much as possible• Know your resources• Know your users• Know your business• Security cannot be an afterthought• Plan ahead


Purpose

• NOCs are dedicated to monitoring and coordinating network operations.

• This requires that the following functional areas are addressed:

PerformanceMonitoring

SecurityManagement

Communication

Accounting

ConfigurationManagement

Faults&

Issues

Policies


The Squid Caching Proxy


What is Squid?• A caching proxy for

– HTTP, HTTPS (tunnel only)– FTP– Gopher– WHOIS (Squid version 2 only)

• Supports transparent proxying• Supports proxy hierarchies (ICP protocol)• Squid is not an origin server!


Other proxies• Free-ware

– Apache 1.2+ proxy support (abysmally bad!)• Commercial

– Netscape Proxy– Microsoft Proxy Server– NetAppliance’s NetCache (shares some code history with Squid in the distant past)– CacheFlow (http://www.cacheflow.com/)– Cisco Cache Engine


What is a proxy?• Firewall device; internal users communicate with the proxy, which in turn talks to the big bad

Internet– Gate private address space into publicly routable address space

• Allows one to implement policy– Restrict who can access the Internet– Restrict what sites users can access– Provides detailed logs of user activity


What is a caching proxy?• Stores a local copy of objects fetched

– Subsequent accesses by other users in the organization are served from the local cache, rather than the origin server

– Reduces network bandwidth– Users experience faster web access


How proxies work• User configures web browser to use proxy instead of connecting directly to origin servers

– Manual configuration for older PC based browsers, and many UNIX browsers (e.g., Lynx)

– Proxy auto-configuration file for Netscape 2.x+ or Internet Explorer 4.x+• Far more flexible caching policy• Simplifies user configuration, help desk support, etc.


How proxies work (user request)• User requests a page: http://cmsinstitute.co.in/• Browser forwards request to proxy• Proxy optionally verifies user’s identity and checks policy for right to access

cmsinstitute.co.in• Assuming right is granted, fetches page and returns it to user


Squid’s page fetch algorithm• Check cache for existing copy of object• If it exists in cache

– Check object’s expire time; if expired, fall back to origin server– Check object’s refresh rule; if expired, perform an If-Modified-Since against origin

server– If object still considered fresh, return cached object to requester

• If object is not in cache, expired, or otherwise invalidated– Fetch object from origin server– If 500 error from origin server, and expired object available, returns expired object– Test object for cacheability; if cacheable, store local copy


Cacheable objects• HTTP

– Must have a Last-Modified: tag– If origin server required HTTP authentication for request, must have Cache-Control:

public tag– Ideally also has an Expires or Cache-Control: max-age tag– Content provider decides what header tags to include

• Web servers can auto-generate some tags, such as Last-Modified and Content-Length, under certain conditions

• FTP– Squid sets Expires time to fetch timestamp + 2 days


Non-cacheable objects• HTTPS, WAIS• HTTP

– No Last-Modified: tag– Authenticated objects– Cache-Control: private, no-cache, and no-store tags– URLs with cgi-bin or ? in them– POST method (form submission)


Implications for content providers• Caching is a good thing for you!• Make cgi and other dynamic content generators return Last-Modified and Expires/Cache-

Control tags whenever possible– If at all possible, also include a Content-Length tag to enable use of persistent

connections• Consider using Cache-Control: public, must-revalidate for authenticated web sites• If you need a page hit counter, make one small object on the page non-cacheable.• FTP sites, due to lack of Last-Modified timestamps, are inherently non-cacheable. Put

(large) downloads on your web site instead of on, or in addition to, an FTP site.• Microsoft’s IIS with ASP generates non-cacheable pages by default• Other scripting suites (e.g., Cold Fusion) also require special work to make cacheable• Squid doesn’t implement support for Vary: tag yet; considers object non-cacheable• Squid currently treats Cache-Control: must-revalidate as Cache-Control: private


Transparent proxying• Router forwards all traffic to port 80 to proxy machine using a route policy• Pros

– Requires no explicit proxy configuration in the user’s browser• Cons

– Route policies put excessive CPU load on routers on many (Cisco) platforms– Kernel hacks to support it on the proxy machine are still unstable– Often leads to mysterious page retrieval failures– Only proxies HTTP traffic on port 80; not FTP or HTTP on other ports– No redundancy in case of failure of the proxy


Transparent proxying• Recommendation: Don’t use it!

– Create a proxy auto-configuration file and instruct users to point at it– If you want to force users to use your proxy, either

• Block all traffic to port 80• Use a route policy to redirect port 80 traffic to an origin web server and return a

page explaining how to configure the various web browsers to access the proxy


Squid hardware requirements• UNIX operating system (NT is not currently supported, nor has anyone announced work on

a port)• 128M RAM minimum recommended (scales by user count and size of disk cache)• Disk

– 512M to 1G for small user counts– 16G to 24G for large user counts– Squid 2.x is optimized for JBOD, not RAID


Installing Squid (overview)• Get distribution from http://squid.nlanr.net/• Increase maximum file descriptors available per process before configuring Squid• Run configure script with desired compile-time options• Run make; make install• Edit squid.conf file• Run Squid -z to initialize cache directory structure• Start Squid daemon• Test• Migrate users over to proxy


Squid distributions (versions)• 1.x and 1.NOVM.x

– No longer supported– Entire cache lost if even one disk in cache fails– Doesn’t understand Cache-Control: tag– Other problems– Bottom line: don’t use them

• 2.0, 2.1, 2.2– Redesigned disk storage algorithm much improved– Understands Cache-Control: tag– Better LRU/refresh rule engine– Supports proxy authentication– See documentation for full list of enhancements

• Recommendation: 2.1 is fairly stable, but move to 2.2 when 2.2STABLE released


squid.conf ACL example• acl manager proto cache_object• acl localhost src 127.0.0.1/32• acl managerhost src 204.248.51.34/32• acl managerhost src 204.248.51.39/32• acl managerhost src 204.248.51.40/32• acl cawtech src 204.248.51.0/24• acl cawtech-internal src 172.16.0.0/16• acl all src 0.0.0.0/0.0.0.0


squid.conf ACL example• acl SSL_ports port 443 563• acl gopher_ports port 70• acl wais_ports port 210• acl whois_ports port 43• acl www_ports port 80 81• acl ftp_ports port 21• acl Safe_ports port 1025-65535

• acl CONNECT method CONNECT• acl FTP proto FTP• acl HTTP proto HTTP• acl WAIS proto WAIS• acl GOPHER proto GOPHER• acl WHOIS proto WHOIS


squid.conf ACL example• http_access deny manager !localhost !managerhost• http_access deny CONNECT !SSL_ports• http_access deny HTTP !www_ports !Safe_ports• http_access deny FTP !ftp_ports !Safe_ports• http_access deny GOPHER !gopher_ports !Safe_ports• http_access deny WAIS !wais_ports !Safe_ports• http_access deny WHOIS !whois_ports !Safe_ports

• http_access allow localhost• http_access allow cawtech• http_access allow cawtech-internal• http_access deny all


Kindly perform the Hands On Lab


Open AuditThe Automation of Network

Inventory


Necessity of Inventory SystemsIgnorance is not a valid excuse for Network Administrators• Which systems are near the end of their warranty?• Which Towers contain model #*** video card?• Which IPs are in use and where?• How many licenses are left for X software?• Which systems don't have the MS security patch that was released yesterday?


Problems of Inventory Systems• Manual entry is Error Prone

Especially in complex systems• Budget restrictions

Economic drought means cheaper solutions are that much more favorable


Manual Entry = ErrorsExcel SpreadsheetsBenefits- query by column- MS ‘familiarity’

Disadvantages- manual entry- MS knowledge required- possible to overwrite data- file naming conventions & storage- MS advanced function can be dangerous


Origin of Open-Audit• Open Source http://winventory.sourceforge.net/• Mark Unwin had written a script to audit computers on a network, saw the need to extend it (to have a

query-able web interface). In 2005 the project was originally released via the GPL (http:/www.gnu.org/copyleft/gpl.html )

• wmi, vbscript, mysql & php


Free Software License• Open-AudIT is licensed under the terms of the GNU General Public License Version 2 as

published by the Free Software Foundation . This gives you legal permission to copy, distribute and/or modify Open-AudIT under certain conditions. Read the 'LICENSE' file in the Open-AudIT distribution or read the online version of the license for more details.

• Open-audit is provided as is with no warranty of any kind, including the warranty of design, merchantability, and fitness for a particular purpose.


What do you get for free?


Open-Audit = Automation• Overview

Open Audit audits the hardware and software it discovers on your computers, and posts its findings to a MySQL database. From there the data is presented in a clean and readable form via a set of PHP web pages.


Automation = No typing errors!


Free: Automated data collecting• Hardware• Software• Operating System Settings• Security Settings• Users and Groups• Disk Usage Graphs• Audit History


Free: Data Reports• Operating System Type• IE Versions• Firefox Versions• Memory Sizes• Processor Types and Speeds• Hard Disk sizes• Software Keys• Detected Network Servers• Newly Detected Software• Low Disk Space• Systems not audited for xxx days


What's the catch?


Not Free: Cost of ownershipRequirements:• Web server• PHP• MySQL• Secured installation


Not Free: Knowledge and SkillsQ: We are a windows shop• A: XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl.Q: No knowledge of PHP/MySQL• A: No configuration, easy to install Open Audit. Must possess basic sysadmin troubleshooting

and problem solving skills. After all, it is a tool, not an employee.


How Open-Audit worksRoles of Components:• Application resides on Web Sever• Domain Admin account to remote audit machinesIf there is no Domain admin account:• Local machine can have a scheduled job to

regularly audit and send results to the server


Server installation: LinuxUp and running in minutes (overview):• yum install httpd subversion mysql php php-mysql php-common• create database and user• svn co https://open-audit.svn..../trunk /var/www/open-audit/• /etc/init.d/httpd start• /etc/init.d/mysqld start• Follow web install instructions


Server installation: windowsUp and running in minutes (overview):• Download and install XAMPP & tortoisesvn• Create database and user• Grab a copy of Open-Audit from svn repository• Follow web based installation guide• http://server-address/open-audit/


Client installation• No client installation is needed if all computers are on a domain and you have domain admin

accountOverview:• Scheduled task to run .cmd file on network share, network share has the audit.config file

which points to the server• Windows audit with vbs script• Unix audit with shell script


Open-Audit : quick tour




ManageEngine NetFlow Analyzer


Introduction• ManageEngine™ NetFlow Analyzer is a web-based bandwidth monitoring tool that performs

in-depth traffic analysis using exported NetFlow data.• NetFlow™ technology provides granular details about network traffic that has passed

through an interface.• NetFlow Analyzer processes this information to show you what applications are using

bandwidth, who is using them, and when.• Extensive graphs and reports make this information easy to analyze, and also help

accelerate the troubleshooting process.


A Typical Setup • NetFlow Analyzer Enterpise edition

supports bandwidth monitoring and traffic analysis in distributed networks.

• A typical setup involves a Single Central Server and “N" number of Distributed collectors. Each of the “N" collectors reside near the routers at the remote location. The collectors collect & process the NetFlows from the routers and passes the compressed data to the Central Server through a secure https connection.


System RequirementsHardware Requirements The minimum hardware requirements for

NetFlow Analyzer to start running are listed below.

• 32 bit machine • 2.4GHz, Dual Processor • 4 GB RAM • 20 GB disk space

Software RequirementsNetFlow Analyzer can be installed and run on the

following operating systems and versions:• Windows 2003 server SP2 • Windows 2008 server SP1• Windows Vista • RedHat Linux

Supported Web BrowsersNetFlow Analyzer has been tested to support the following web browsers and versions:• Internet Explorer 6.0 and later • Mozilla Firefox


Prerequisites• NetFlow Analyzer Central Server requires the following ports to be free


Installing and UninstallingInstalling NetFlow Analyzer Central Server

Windows:• The Windows download for NetFlow Analyzer is available as

an EXE file at http://www.netflowanalyzer.com/distributed-monitoring/download.html

• Download the EXE file for the Central Server to your local machine, and double-click it to start installation. Follow the instructions as they appear on screen to successfully install NetFlow Analyzer on to your machine.

Linux:The Linux download for NetFlow Analyzer is available as a BIN

file at http://www.netflowanalyzer.com/distributed-monitoring/download.html

1. Download the BIN file and assign execute permission using the command: chmod a+x <file_name>.binwhere <file_name> is the name of the downloaded BIN file.

2. Execute the following command: ./<file_name>.bin3. Follow the instructions as they appear on the screen to

successfully install NetFlow Analyzer on to your machine.

Uninstalling NetFlow Analyzer Central Server

Windows1. Navigate to the Program folder in which NetFlow Analyzer

has been installed. By default, this is Start > Programs > ManageEngine NetFlow Analyzer EE Central Server .

2. Select the option Uninstall Central Server 3. You will be asked to confirm your choice, after which

NetFlow Analyzer is uninstalled.

Linux1. Navigate to the <NetFlowAnalyzerHome>/_uninst

directory. 2. Execute the command ./uninstaller.bin 3. You will be asked to confirm your choice, after which

NetFlow Analyzer is uninstalled.


Starting and Shutting DownStarting as a Service

Windows:

If you have chosen the Start as Service option during installation, NetFlow Analyzer will run as a service on Windows.

Linux:1. Login as root user. 2. Navigate to the <NetFlowAnalyzer_Home>\bin

directory. 3. Execute the startAsDaemon.sh file 4. Then execute the command /etc/init.d/netflowanalyzer

start • This starts NetFlow Analyzer as a service on Linux.

Shutting Down NetFlow Analyzer Central Server

Windows:1. Navigate to the Program folder in which NetFlow Analyzer

has been installed. By default, this is Start > Programs > ManageEngine NetFlow Analyzer Central Reporting Server > Shutdown Central server

2. Alternatively, you can navigate to the <NetFlowAnalyzer_Home>\bin folder and invoke the shutdown.bat file.

3. You will be asked to confirm your choice, after which the NetFlow Analyzer server is shut down.

Linux:1. Navigate to the <NetFlowAnalyzer_Home>/bin directory. 2. Execute the shutdown.sh file. 3. You will be asked to confirm your choice, after which the

NetFlow Analyzer server is shut down.


Accessing the Web Client• NetFlow Analyzer is essentially a bandwidth monitoring tool that uses Cisco NetFlow exports to

analyze network traffic and determine bandwidth usage.

• Once the server has successfully started, follow the steps below to access NetFlow Analyzer.1. Open a supported web browser window 2. Type the URL address as http://<hostname>:80 (where <hostname> is the name of the machine

on which NetFlow Analyzer is running, and 80 is the default web server port) 3. Log in to NetFlow Analyzer using the default username/password combination of admin/admin

• Once you log in, you can start managing devices exporting Cisco NetFlow, generate bandwidth reports, and more.


License InformationNetFlow Analyzer comes in two flavors:• Evaluation Edition - collect, analyze, and report on Netflow data ( valid only for 30 days ) • Enterprise Edition - collect, analyze, and report on Netflow data from a maximum of n interfaces

(where 'n' is the number of interfaces for which NetFlow Analyzer has been purchased) Once installed, NetFlow Analyzer runs in evaluation mode for 30 days. You can obtain a registered license

for NetFlow Analyzer at any time during the evaluation period by contacting NetFlow Analyzer Support.


Upgrading your License• After obtaining the new license from AdventNet, save it on your computer, and follow the steps below to

upgrade your NetFlow Analyzer installation:

1. Log in to the NetFlow Analyzer Central Server web client 2. Click License Management from Admin Operations 3. Click the Upgrade License link present in the top-right corner of the screen 4. In the License window that opens up, browse for the new license file and select it 5. Click Upgrade to apply the new license file


Cisco® NetFlow Device Support Cisco Routers• NetFlow is also supported by these Catalyst series switches: 45xx, 55xx,

6xxx.


Other VendorsSome of the major vendors supporting NetFlow include:• Alcatel • Enterasys Networks • Extreme Networks - Does not support input/output interface, octets, or first and last times. • Foundry Networks • Juniper Networks - Does not support sampling interval attribute. First and last times are stored in

seconds rather than milliseconds. • Riverstone Networks - no native NetFlow support. However, Riverstone provides a converter that

translates the LFAP records from their devices into NetFlow.


Configuring Netflow Export on an IOS Device

• Follow the steps below to configure Netflow export on a Cisco IOS device.

Enabling Netflow Export

Enter global configuration mode on the router or MSFC, and issue the following commands for each interface on which you want to enable Netflow:

• interface {interface} {interface_number}• ip route-cache flow• exit


Exporting Netflow Data• Issue the following commands to export Netflow data to the server on which NetFlow Analyzer is running:


Verifying Device Configuration• Issue the following commands in normal (not configuration) mode to verify whether Netflow

export has been configured correctly


A Sample Device Configuration• The following is a set of commands issued on a router to enable Netflow version 5 on the

FastEthernet 0/1 interface and export to the machine 192.168.9.101 on port 9996.


Turning off Netflow• Issue the following commands in global configuration mode to stop exporting Netflow data:


Getting Started• Once NetFlow Analyzer Central server has been successfully set up and started in your

network, the Collector can be started. The collector contacts the Central server for configuration setting information. The next thing to do is start receiving NetFlow exports from routing devices on your network.

• As soon as you log in to the NetFlow Analyzer web client, you will see the Dashboard -Collectors. The top 10 interfaces and the corresponding routers are shown in this display.

The All Devices option on the left panel is diviided into two tabs.1. The Interface View which lists all the interfaces from which NetFlow exports are received 2. The Autonomous System View which lists all the autonomous systems configured with each

router


Google Map View• Google maps feature lets you physically locate your network resources on a map. • This enables network administrators to have a feel of how distributed their network is and more

importantly in a quick and easy drill down to resource-specific information. Information on up to 3 top interfaces linked to a router is shown in the map.

• NetFlow Analyzer, by using google maps, lets you position your devices on a map for a graphical presentation. You need to obtain a Google API Key in order to set up this. The steps to obtain one is elaborated below.


IP Groups View• Initially when no IP groups have been created, you will simply see a status message with the option to start creating

IP groups.

• The IP Group List shows all the IP groups that have been created so far. Click the View Description link to view descriptive information on all IP groups created. Alternatively you can click the View Description link against each IP group to view descriptive information on that IP group alone. Details such as Speed, IP Address, Port(Protocol), Associated Interfaces is shown.

• Click the IP Group name to view traffic graphs specific to that IP group. From the traffic graph, you can navigate to see the top applications, top hosts, and top conversations in this IP group.

• The IN Traffic and OUT Traffic columns show the volume of incoming and outgoing traffic in the IP group generated over the past one hour. You can click on the IN Traffic or OUT traffic bar to view the respective application traffic report.


NetFlow Traffic Reports • NetFlow Analyzer generates traffic reports in real-time, as soon as NetFlow data is received from an

interface.

• The traffic reports in NetFlow Analyzer include information on:– Traffic Trends– Top Applications– Top Hosts– Top Conversations

• Apart from these pre-defined reports, Custom Reports let you define criteria and generate specific reports on network activity. Consolidated Reports show you overall traffic statistics for an interface or AS as applicable. Troubleshooting Reports let you troubleshoot an interface using raw data directly.


Top Applications• The Applications tab shows you the top applications and top protocols for the selected time period. The default

view shows the Top ApplicationIN Report. This report shows the distribution of incoming traffic application-wise.

• Choose between IN and OUT to display the application-wise distribution of incoming or outgoing traffic respectively.

• The table below the graph shows the distribution of traffic per application. You can see what application caused how much traffic, and how much of the total bandwidth was occupied by that application.

Top Conversations Click on an application's name to see the Top Conversations that contributed to this application's traffic.

Viewing Top ProtocolsClick the Protocol Distribution link to see the top protocols for the selected interface or IP group, in a new window. Top Hosts• The Source tab shows the top source hosts contributing to traffic in the selected time period. The default view

shows the Top SourceIN Report.• The Destination tab shows the top destination hosts contributing to traffic in the selected time period. The default

view shows the Top DestinationIN Report.


Admin Operations• NetFlow Analyzer lets you perform many administrative tasks typical of an enterprise network

administrator, such as managing a group of routers, handling different users, setting up alerts, etc.

• Explore the following sections to know more about the administrative options available in NetFlow Analyzer.


Alert Profiles ManagementAn alert profile is created to set the thresholds for generating alerts. The parameters to be set for creating

an alert profile are;• Interfaces/ IP Groups / Interface Group - The list of interfaces/ IP Groups / Interface Group whose

bandwidth utilization must be watched • Traffic pattern - The traffic to be watched - In Traffic, Out Traffic or a Combination of both • Application / Port(s) - You can watch the traffic through all the applications or from a particular

application. Similarly, through a single port or a range of ports • Threshold Settings - It has 3 settings namely % utilization, no. of times, and duration.

– % Utilization - When the utilization exceeds this limit, it is noted– No. of time - The number of times the utilization can be allowed to exceed the threshold before

an alert is raised– Duration - The time period within which, if the threshold is exceeded the specified number of

times - an alert is created(generated)


Schedule ReportsIt is a good idea to schedule reports to be run at non-peak traffic hours since generation of reports is a resource hungry

process especially for large interface numbers.

A Scheduler is configured to set the parameters for automating the generation of reports. The parameters to be set for creating a Scheduler are:

• Source - The Interfaces or IP Groups which are the source of traffic. – Interfaces - The list of interfaces who's bandwidth utilization must be watched. One report will be generated

for each interface selected. – IP Groups - The IP groups who's bandwidth utilization must be watched. One report will be generated for

each IP Group created. • Report Type - The type of report to be generated - Consolidated or Custom ( custom report option not available

under "IP Groups") • Report Generation Schedule - How and when the report is to be generated (e.g.) daily,weekly,monthly,or only

once – Generate report on - This value determines the time when report is to the generated – Generate report for - This value determines the start and the end time for the report

• Email Address - This is the address to which the generated reports will be sent


User Management• The User Management option lets you manage different users with varying access privileges. You can assign

different users to different device groups and IP groups, and allow them to manage the assigned groups exclusively. You can choose from three types of users in NetFlow Analyzer - Administrator, Operator, and Guest. You can create any number of users of each type, and assign them to any number of device groups and IP groups.


Mail Server Settings• These settings are important when e-mail notifications have to be sent for alerts generated and when Scheduled

Reports have to be emailed.




Monitoring Networks With PRTG Traffic Grapher


Why Monitoring Of Bandwidth and Network Usage Is Important ?

• Today most businesses rely more or less on a computer and network infrastructure. So, the computer network's reliability and speed are crucial for these businesses to be successful, as well as an efficient use of the available resources.

• For the network administrator this means that he has to ensure his network's uptime, reliability, and speed – and the efficient use of the network. To do this, monitoring the network is inevitable.

• PRTG (Paessler Router Traffic Grapher) is an easy to use software that monitors bandwidth usage and many other network parameters via SNMP

• PRTG Traffic Grapher runs on a Windows machine in your network for 24 hours every day and constantly records the network usage parameters. The recorded data is stored in an internal database for later reference.


Base Features• Reliable network monitoring used by more than 100.000 users every day • Supports data acquisition via SNMP• Classifies network traffic by IP address, protocol and other parameters • Works with most switches, routers, firewalls, and other network devices • Easy installation with a few clicks on Windows 2000/XP/2003• Monitoring engine is capable of monitoring up to several thousand sensors • A Freeware Edition is available for smaller networks• Creates scheduled reports from the monitoring data• Sends out alarms for failing or overloaded sensors• Includes a built-in web server for remote access to the monitoring results


Supported Data Acquisition Methods• All common methods for network usage data acquisition are supported:• SNMP: Simple Network Management Protocol is the basic method of gathering bandwidth

and network usage data. It can be used to monitor bandwidth usage of routers and switches port-by-port as well as device readings like memory, CPU load etc.

• Packet Sniffing: The Packet Sniffer inspects all network data packets passing the PC's network card(s) and is able to classify network traffic by IP address, protocol and other parameters

• NetFlow: The NetFlow protocol is supported by most Cisco routers to measure bandwidth usage. Although being the most complex type to set up it is also the most powerful method suitable for high traffic networks and can also classify network traffic by IP address, protocol and other parameters.

• Note: Only with Packet Sniffer and NetFlow based monitoring it is possible to measure the traffic by IP address, and/or protocol. SNMP based traffic measurement is port-based only.


Windows and Web Based User Interface• Monitoring data can be accessed via a Windows GUI and a web based front end • Intuitive Windows user interface for data retrieval and configuration • Integrated web server for remote access (no external web server necessary) • Results are shown in various graphs and tables • live data for last 5-60 minutes

· x minute average for up to 48h · hourly averages for up to 60 days · daily averages for up to 365 days · Top Talkers, Top Protocols, Top Connections· Events

• Graphs and tables are always generated on-the-fly for live reporting


Internal Web Server• Easy to use navigation allows to drill into the live monitoring results • Fully "skinable" web interface using HTML templates (several default skins included) • Web server supports public access (anyone can view the data) as well as authenticated

access (username/password required) with multiple user account


Reports• Configurable reports (graphs and data tables) in HTML, RTF, XLS, TIFF or PDF format can

be created on schedule or on demand• Reports can be exported via email or saved to file • x% percentile calculation for any percentile value, any interval, and any time frame • Includes a billing system for bandwidth based billing


Notifications• For each sensor individual email notifications can be configured that notify about

· Errors (e.g. device is not reachable) · Reaching traffic limits (e.g. more than x MB transferred per day or month) · Reaching traffic or usage thresholds (e.g. more than 700kbit bandwidth for more than

one hour)


SNMP Related Features• Monitors any value that is accessible by SNMP (i.e. any given OID Object ID) • Supports SNMP Version Versions 1, 2c, and 3• Supports 64 bit counters (for SNMP V2c and 3)• Brings its own extensive OID database with many preconfigured SNMP settings (e.g. for

CPU loads, disk usages, printer pagecounts, environmental monitoring, and many more) • Supports Paessler SNMP Helper for easy access to several thousand performance counters

on Windows based machines via SNMP • MIB files can be converted into OIDLIBs to monitor any device that supports SNMP• Various SNMP parameters (e.g. port, timeout) can be set by the user




ManageEngine OpManager


ManageEngine OpManager -Network Monitoring Software

• With the growing need for the network monitoring software in the IT industry, OpManager has been built to satisfy the needs of network administrators by monitoring servers, routers, switches, firewalls, printers, critical services and applications from a single console.


Network Monitoring• OpManager discovers switches, routers and firewalls in the network during the network

discovery automatically and monitors the critical parameters such as the traffic rate, error and discards rate, buffer hits and misses and so on. You can get the availability report of each port and interface. Using the Switch Port Mapper tool, you can get the list of devices connected to each port of the switch. You can also create your own views and draw the diagram to virtually represent your network and get the availability of the interfaces visually.


Server Monitoring• OpManager allows you to classify devices as servers and desktops. This facilitates

separating critical servers from end-user workstations and allows for more meaningful management. You can manage Windows Event Logs and Windows Services.


WAN Monitoring• OpManager provides complete solutions for monitoring your WAN links. It checks for RTT,

Latency and availabilty between the WAN links. The WAN monitor comes as an add-on feature.


Applications and Services Monitoring• OpManager discovers and actively monitors services and applications running in the

servers. Out-of-the-box support is provided for services such as Web, HTTPS, FTP, IMAP, LDAP, Telnet, MySQL, MS-Exchange, SMTP, POP3, WebLogic, etc., and applications such as MSSQL, MS Exchange, Oracle and Lotus. Special add-ons are available for monitoring Exchange 2000/2003/2007 and Active Directory Services.


URL Monitoring• OpManager monitors your Web sites, both global URLs and URLs in the servers, and

promptly notifies you when the host becomes unavailable.


Fault Management• OpManager provides extensive solutions for monitoring Sylsogs, Eventlogs and current

Processes running on the devices. OpManager detects faults in the network through periodical status polling and generates color-coded alarms for the faults. OpManager can also be configured to notify the administrator about the fault detected in the network.


Performance Management:• OpManager measures the performance of the network hardware and software, such as the

bandwidth, memory, disk and CPU utilization, and service response time by collecting data at regular intervals. These data are provided in the form of reports and graphs to the administrators. The threshold limits can be configured to pro-actively monitor the critical parameters in the managed devices.


Starting OpManager• After installation, all the OpManager-related files will be available under the directory that

you choose to install OpManager. This is referred to as OpManager Home directory.On Windows Machines• If you have chosen to install OpManager as Windows service, you will be prompted to start

the service after successful installation. The Web Client is invoked automatically on installing as a Service. Enter the log-on details. The default user name and password is 'admin' and 'admin' respectively.

To later start OpManager as a Windows Service, follow the steps below:1. Click Start, point to Settings, and then click Control Panel.2. Under Administrative Tools, select Services.3. In the details pane, right-click ManageEngine OpManager and click Start.To stop the ManageEngine OpManager service, right-click the ManageEngine OpManager

service in the Services window and click Stop.


Starting OpManagerOn Linux Machines1. Log in as 'root' user.2. Execute the StartOpManagerServer.sh file present in the <OpManager Home>/bin

directory.3. Once the server is started successfully, execute StartOpManagerClient.sh to start the

client. In the displayed login window, type the User Name and Password and press Enter.

• To stop OpManager running on a linux machine, execute the ShutDownOpManager.sh file present in the <OpManager Home>/bin directory. Type the User Name and Password in the Shut Down OpManager window and press Enter.


Connecting the Web Client1. Open a JavaScript-enabled Web browser such as Internet Explorer or Mozilla Firefox.2. Type http://<host_name>:<port_number> in the address bar and press Enter. Here,

<host_name> is the name of the machine in which OpManager is running and <port_number> is the port that you have chosen to run OpManager Web Server during installation.

[Note: If you have enabled SSL, connect as https:///<host_name>:<port_number> in the address bar and press Enter.]

3. Type the User Name and Password and click Login. The default user name and password are 'admin' and 'admin' respectively.

• Alternatively, if the OpManager server is running on Windows machines, you can start the Web client using Start > Programs > ManageEngine OpManager > OpManager Web Client.


Changing Ports in OpManager• You will be prompted to change Web Server port during installation. You can change it after

installation.• The script for changing the Web Server port number, ChangeWebServerPort (in Windows

this will be a .bat file and in Linux, .sh file) is available under the <OpManager Home>/bin directory.

The steps to change the port number are as follows:1. Stop the OpManager server. If you are running OpManager as Windows service, stop the

service.2. Execute the script as follows:

In Windows,ChangeWebServerPort <old_port_number> <new_port_number>In Linux,sh ChangeWebServerPort.sh <old_port_number> <new_port_number>Here, old_port_number is the port number you specified during installation and new_port_number is the one where you want to run the Web server.

3. Start the OpManager server.


What Should Be Monitored?Following are the components of networks that are considered critical:• WAN Infrastructure: Routers, WAN Switches, Firewall, etc.• LAN Infrastructure: Switches, Hubs, and Printers.• Servers, Services, and Applications: Application Servers, Database servers, Active Directory,

Exchange Servers, Web servers, Mail servers, CRM Applications, etc.• Host Resources: CPU, Memory, and Disk Utilization of critical devices.• Critical Desktops and Workstations.


How Frequently Should I Monitor?The general practice is to monitor critical devices more frequently than non-critical devices.

Given below are the recommended monitoring intervals for small and medium-sized networks (up to 1000 devices):• Routers and Critical Servers: 10 minutes• Switches, Hubs, and Printers: 10 - 20 minutes• Critical Services like Exchange, Active Directory: 10 - 20 minutes• Desktops and Workstations: We recommend turning off monitoring for desktops and workstations to reduce the amount of network traffic generated by OpManager.

This is done by removing selection for Desktop category in Admin > Monitoring Intervals.Alternatively, monitor them less frequently, say for every hour or 30 minutes.If there are a few critical workstations that you want to monitor, you can turn on monitoring for those devices individually.


Using Quick Configuration WizardYou can also use the Quick Configuration Wizard to associate a service to several devices at one go.

Here are the steps:1. From the Admin tab, select Quick Configuration Wizard.2. Select the option Associate a credential to several devices and click Next.3. All the available Credentials are listed. Select the Credential which you want to associate to

your devices.4. Select the devices to which you want to assign the credential from the column on the left and

move them to the right.5. Click Finish. The Credential is associated to the selected devices.


Discovering Networks Using OpManager• Discover a range• Discover a complete network• Discover by Importing from a file• Import the Devices into OpManager• Discover Individual Devices


Customizing Dashboards• Customizing Dashboard feature in OpManager helps you to create your own dashboard and

view the desired performance metrics, reports etc at-a-glance.


List View• The List view (Maps-> <Device Category>-> List View) lists all the devices of a category

along with their Status, IP Address, Type, % of CPU utilized and % of memory utilized in order to have a quick look at the current status and workload handled by the devices.


Google Maps• OpManager allows you to integrate Google Maps and place the devices on the maps

according to the geographic distribution.


AlertsManaging Faults in Network

There can various types of faults in a network. With the network health depending on various resources like the system resources, services, network connectivity etc, getting to the root of the problem is simplified when the monitoring solution raises meaningful alarms. OpManager helps you identify the fault quickly with its detailed alarms indicating the resource that is poorly performing in the device . The different types of OpManager alarms include:

• Status-poll Alarms (device, service, interface, port down alarms).• Threshold-based alarms for host resources, response times etc proactive monitoring.• Alarms from SNMP Traps.• Windows event logs based alarms.

OpManager monitors the resources for availability and performance and triggers alarms for all the criteria mentioned above. These alarms can also be sent as email or sms alerts from OpManager.


Configuring Notifications• When a fault is detected in your network, an event occurs and multiple events correlate to

trigger an alarm. You can configure OpManager to notify the network administrator or perform automatic actions based on the alarm raised for a device.

The different types of notifications available are:• Email Alerts• SMS Alerts• Web Alerts• Run a Program• Run a System Command


Configuring Mail Server Settings• OpManager allows you to configure e-mail alerts and SMS alerts to get notified on the fault

in your network. By default, OpManager sends the mail to the mail server specified in the e-mail notification profile. To configure the SMTP server settings globally and to provide the secondary mail server settings, follow the steps given below:

1. Under the Admin tab, click Mail Server Settings.2. Enter the SMTP Server name and Port number.3. Select Requires Authentication and enter the User name and Password details, if the

server requires authentication to send e-mail.4. Configure the From and To Email ID fields.


Reports• The information on the entire network configuration management process in your enterprise

is presented in the form of comprehensive reports• It provides over 12 reports under four categories:1. Network Reports2. Configuration Reports3. User Reports4. Policy Compliance Reports

Documents

NOC Slides